CVE-2013-6435 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Severity

76%

Complexity

49%

Confidentiality

165%

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

CVSS 2.0 Base Score 7.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C).

Overview

First reported 10 years ago

2014-12-16 18:59:00

Last updated 6 years ago

2018-11-29 11:29:00

Affected Software

RPM RPM Package Manager 1.2

1.2

RPM RPM Package Manager 1.3

1.3

RPM RPM Package Manager 1.3.1

1.3.1

RPM RPM Package Manager 1.4

1.4

RPM RPM Package Manager 1.4.1

1.4.1

RPM RPM Package Manager 1.4.2

1.4.2

RPM RPM Package Manager 1.4.2/a

1.4.2\/a

RPM RPM Package Manager 1.4.3

1.4.3

RPM RPM Package Manager 1.4.4

1.4.4

RPM RPM Package Manager 1.4.5

1.4.5

RPM RPM Package Manager 1.4.6

1.4.6

RPM RPM Package Manager 1.4.7

1.4.7

RPM RPM Package Manager 2.0

2.0

RPM RPM Package Manager 2.0.1

2.0.1

RPM RPM Package Manager 2.0.2

2.0.2

RPM RPM Package Manager 2.0.3

2.0.3

RPM RPM Package Manager 2.0.4

2.0.4

RPM RPM Package Manager 2.0.5

2.0.5

RPM RPM Package Manager 2.0.6

2.0.6

RPM RPM Package Manager 2.0.7

2.0.7

RPM RPM Package Manager 2.0.8

2.0.8

RPM RPM Package Manager 2.0.9

2.0.9

RPM RPM Package Manager 2.0.10

2.0.10

RPM RPM Package Manager 2.0.11

2.0.11

RPM RPM Package Manager 2.1

2.1

RPM RPM Package Manager 2.1.1

2.1.1

RPM RPM Package Manager 2.1.2

2.1.2

RPM RPM Package Manager 2.2

2.2

RPM RPM Package Manager 2.2.1

2.2.1

RPM RPM Package Manager 2.2.2

2.2.2

RPM RPM Package Manager 2.2.3

2.2.3

RPM RPM Package Manager 2.3.10

2.2.3.10

RPM RPM Package Manager 2.3.11

2.2.3.11

RPM RPM Package Manager 2.2.4

2.2.4

RPM RPM Package Manager 2.2.5

2.2.5

RPM RPM Package Manager 2.2.6

2.2.6

RPM RPM Package Manager 2.2.7

2.2.7

RPM RPM Package Manager 2.2.8

2.2.8

RPM RPM Package Manager 2.2.9

2.2.9

RPM RPM Package Manager 2.2.10

2.2.10

RPM RPM Package Manager 2.2.11

2.2.11

RPM RPM Package Manager 2.3

2.3

RPM RPM Package Manager 2.3.1

2.3.1

RPM RPM Package Manager 2.3.2

2.3.2

RPM RPM Package Manager 2.3.3

2.3.3

RPM RPM Package Manager 2.3.4

2.3.4

RPM RPM Package Manager 2.3.5

2.3.5

RPM RPM Package Manager 2.3.6

2.3.6

RPM RPM Package Manager 2.3.7

2.3.7

RPM RPM Package Manager 2.3.9

2.3.8

RPM RPM Package Manager 2.3.9

2.3.9

RPM RPM Package Manager 2.4.1

2.4.1

RPM RPM Package Manager 2.4.2

2.4.2

RPM RPM Package Manager 2.4.3

2.4.3

RPM RPM Package Manager 2.4.4

2.4.4

RPM RPM Package Manager 2.4.5

2.4.5

RPM RPM Package Manager 2.4.6

2.4.6

RPM RPM Package Manager 2.4.8

2.4.8

RPM RPM Package Manager 2.4.9

2.4.9

RPM RPM Package Manager 2..11

2.4.11

RPM RPM Package Manager 2.4.12

2.4.12

RPM RPM Package Manager 2.5

2.5

RPM RPM Package Manager 2.5.1

2.5.1

RPM RPM Package Manager 2.5.2

2.5.2

RPM RPM Package Manager 2.5.3

2.5.3

RPM RPM Package Manager 2.5.4

2.5.4

RPM RPM Package Manager 2.5.5

2.5.5

RPM RPM Package Manager 2.5.6

2.5.6

RPM RPM Package Manager 2.4.7

2.6.7

RPM RPM Package Manager 3.0

3.0

RPM RPM Package Manager 3.0.1

3.0.1

RPM RPM Package Manager 3.0.2

3.0.2

RPM RPM Package Manager 3.0.3

3.0.3

RPM RPM Package Manager 3.0.4

3.0.4

RPM RPM Package Manager 3.0.5

3.0.5

RPM RPM Package Manager 3.0.6

3.0.6

RPM RPM Package Manager 4.0

4.0.

RPM RPM Package Manager 4.0.1

4.0.1

RPM RPM Package Manager 4.0.2

4.0.2

RPM RPM Package Manager 4.0.3

4.0.3

RPM RPM Package Manager 4.0.4

4.0.4

RPM RPM Package Manager 4.1

4.1

RPM RPM Package Manager 4.3

4.3.3

RPM RPM Package Manager 4.4.2.1

4.4.2.1

RPM RPM Package Manager 4.4.2.2

4.4.2.2

RPM RPM Package Manager 4.4.2.3

4.4.2.3

RPM RPM Package Manager 4.5.90

4.5.90

RPM RPM Package Manager 4.6.0

4.6.0

RPM RPM Package Manager 4.6.0-release candidate 1

4.6.0

RPM RPM Package Manager 4.6.0-release candidate 2

4.6.0

RPM RPM Package Manager 4.6.0-release candidate 3

4.6.0

RPM RPM Package Manager 4.6.0-release candidate 4

4.6.0

RPM RPM Package Manager 4.6.1

4.6.1

RPM RPM Package Manager 4.7.0

4.7.0

RPM RPM Package Manager 4.7.1

4.7.1

RPM RPM Package Manager 4.7.2

4.7.2

RPM RPM Package Manager 4.8.0

4.8.0

RPM RPM Package Manager 4.8.1

4.8.1

RPM RPM Package Manager 4.9.0

4.9.0

RPM RPM Package Manager 4.9.0 alpha

4.9.0

RPM RPM Package Manager 4.9.0 beta1

4.9.0

RPM RPM Package Manager 4.9.0 release candidate 1

4.9.0

RPM RPM Package Manager 4.9.1

4.9.1

RPM RPM Package Manager 4.9.1.1

4.9.1.1

RPM RPM Package Manager 4.9.1.2

4.9.1.2

RPM RPM Package Manager 4.10.0

4.10.0

RPM RPM Package Manager 4.10.1

4.10.1

RPM RPM Package Manager 4.10.2

4.10.2

Debian Linux 7.0

7.0

References

http://advisories.mageia.org/MGASA-2014-0529.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

RHSA-2014:1974

RHSA-2014:1975

RHSA-2014:1976

DSA-3129

MDVSA-2014:251

MDVSA-2015:056

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

71558

https://bugzilla.redhat.com/show_bug.cgi?id=1039811

GLSA-201811-22

https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.